Search

Search Results (366011 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-5077 1 Tipsandtricks-hq 1 Wp Emember 2025-05-06 6.8 Medium
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2018-6668 1 Mcafee 1 Application Change Control 2025-05-06 N/A
A whitelist bypass vulnerability in McAfee Application Control / Change Control 7.0.1 and before allows execution bypass, for example, with simple DLL through interpreters such as PowerShell.
CVE-2024-5079 1 Tipsandtricks-hq 1 Wp Emember 2025-05-06 6.1 Medium
The wp-eMember WordPress plugin before 10.6.7 does not sanitise and escape some of the fields when members register, which allows unauthenticated users to perform Stored Cross-Site Scripting attacks
CVE-2024-5080 1 Tipsandtricks-hq 1 Wp Emember 2025-05-06 8.8 High
The wp-eMember WordPress plugin before 10.6.6 does not validate files to be uploaded, which could allow admins to upload arbitrary files such as PHP on the server
CVE-2024-21146 1 Oracle 1 Trade Management 2025-05-06 8.1 High
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Trade Management accessible data as well as unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
CVE-2024-25021 1 Ibm 2 Aix, Vios 2025-05-06 8.4 High
IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.
CVE-2024-40576 2 Mayurik, Sourcecodester 2 Best House Rental Management System, Best House Rental Management System 2025-05-06 4.7 Medium
Cross Site Scripting vulnerability in Best House Rental Management System 1.0 allows a remote attacker to execute arbitrary code via the "House No" and "Description" parameters in the houses page at the index.php component.
CVE-2024-6408 1 10web 1 Slider 2025-05-06 5.4 Medium
The Slider by 10Web WordPress plugin before 1.2.57 does not sanitise and escape its Slider Title, which could allow high privilege users such as editors and above to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2024-38890 1 Horizoncloud 1 Caterease 2025-05-06 8.4 High
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and possibly later versions allows a local attacker to perform an Authentication Bypass by Capture-replay attack due to insufficient protection against capture-replay attacks.
CVE-2024-13825 1 Intricateweb 1 Email Keep 2025-05-06 6.1 Medium
The Email Keep WordPress plugin through 1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-13826 1 Intricateweb 1 Email Keep 2025-05-06 5.4 Medium
The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2022-42252 2 Apache, Redhat 2 Tomcat, Jboss Enterprise Web Server 2025-05-06 7.5 High
If Apache Tomcat 8.5.0 to 8.5.82, 9.0.0-M1 to 9.0.67, 10.0.0-M1 to 10.0.26 or 10.1.0-M1 to 10.1.0 was configured to ignore invalid HTTP headers via setting rejectIllegalHeader to false (the default for 8.5.x only), Tomcat did not reject a request containing an invalid Content-Length header making a request smuggling attack possible if Tomcat was located behind a reverse proxy that also failed to reject the request with the invalid header.
CVE-2022-40839 1 Ndk-design 1 Ndkadvancedcustomizationfields 2025-05-06 7.5 High
A SQL injection vulnerability in the height and width parameter in NdkAdvancedCustomizationFields v3.5.0 allows unauthenticated attackers to exfiltrate database data.
CVE-2022-40471 1 Oretnom23 1 Clinic\'s Patient Management System 2025-05-06 9.8 Critical
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
CVE-2022-3334 1 Wp-ecommerce 1 Easy Wp Smtp 2025-05-06 7.2 High
The Easy WP SMTP WordPress plugin before 1.5.0 unserialises the content of an imported file, which could lead to PHP object injection issue when an admin import (intentionally or not) a malicious file and a suitable gadget chain is present on the blog.
CVE-2022-3314 1 Google 1 Chrome 2025-05-06 6.5 Medium
Use after free in logging in Google Chrome prior to 106.0.5249.62 allowed a remote attacker who had compromised a WebUI process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-3313 1 Google 1 Chrome 2025-05-06 6.5 Medium
Incorrect security UI in full screen in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)
CVE-2022-3312 1 Google 1 Chrome 2025-05-06 4.6 Medium
Insufficient validation of untrusted input in VPN in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a local attacker to bypass managed device restrictions via physical access to the device. (Chromium security severity: Medium)
CVE-2022-3310 1 Google 2 Android, Chrome 2025-05-06 6.5 Medium
Insufficient policy enforcement in custom tabs in Google Chrome on Android prior to 106.0.5249.62 allowed an attacker who convinced the user to install an application to bypass same origin policy via a crafted application. (Chromium security severity: Medium)
CVE-2022-3309 1 Google 2 Chrome, Chrome Os 2025-05-06 6.5 Medium
Use after free in assistant in Google Chrome on ChromeOS prior to 106.0.5249.62 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: Medium)